Revision [327]
This is an old revision of DnsSpec made by AvoYager on 2007-07-01 23:34:52.
Status: working draft
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
Important and useful elements of this structure are preserved in the following suggestion for change.
- each TLD sponsors one tier1 and one tier2 DNS server
- each TLD's tier1 server is solely responsible for publishing (to other tier1 servers, or to tier0, depending on final architecture) changes to their TLD zone
- all tier1 servers provide non-recursive response to tier2 servers for all TLDs
- DNSSEC required?
- permissible to respond to non-tier2 servers?
- all tier2 servers provide recursive response to anybody and everybody
In this scenario, each TLD's representative tier1 server would be solely responsible for maintaining and distributing the zone file for its TLD.
A single ns0 (tier0) host could aggregate all the ICANN, and other, root zones for integration into the tier1 distribution. Each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service.
The tricky part about a distributed root is that the root zone, which is authoritative for '.', must contain ALL served TLDs.
But does it have to be in a single file with BIND 9?
Maybe not, with the $INCLUDE directive.
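As an added illustration (not part of this draft or of OpenNIC's tooling): a root zone assembled from per-TLD fragments with `$INCLUDE file origin`, plus a check that the assembled zone delegates every TLD and that no fragment publishes records outside its own TLD. The TLDs `alpha` and `beta`, the `tld/*.frag` file names, and `ns0.example.` are constructed placeholders, and the parser covers only one-record-per-line files.

```python
# Added example (not OpenNIC's code). Simplified parser: one record per line,
# explicit owner names, no parentheses. All zone data below is constructed.
FILES = {
    "root.zone": (
        "$TTL 86400\n"
        ". IN SOA ns0.example. hostmaster.example. 2007070101 1800 900 604800 86400\n"
        ". IN NS ns0.example.\n"
        "$INCLUDE tld/alpha.frag alpha.\n"   # second argument = origin for the fragment
        "$INCLUDE tld/beta.frag beta.\n"
    ),
    "tld/alpha.frag": "@ IN NS ns1\nns1 IN A 192.0.2.1\n",
    # beta's fragment also carries a record for alpha, which the audit must flag.
    "tld/beta.frag": "@ IN NS ns1\nns1 IN A 192.0.2.2\nalpha. IN NS ns1.beta.\n",
}

def absolute(name, origin):
    """Resolve a zone-file name against the current (absolute) origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + ("" if origin == "." else origin)).lower()

def expand(path, origin=".", files=FILES):
    """Yield (owner, rtype, file, scope) for each record, following $INCLUDE."""
    scope = origin  # origin this file was included under
    for line in files[path].splitlines():
        fields = line.split(";")[0].split()
        if not fields or fields[0].upper() == "$TTL":
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
        elif fields[0].upper() == "$INCLUDE":
            # The included file gets its own origin; the parent's is unchanged.
            sub = absolute(fields[2], origin) if len(fields) > 2 else origin
            yield from expand(fields[1], sub, files)
        else:
            rtype = next(f for f in fields[1:] if f.upper() != "IN" and not f.isdigit())
            yield absolute(fields[0], origin), rtype.upper(), path, scope

def audit(root="root.zone", files=FILES):
    """Return (set of delegated TLDs, records outside their fragment's TLD)."""
    delegated, strays = set(), []
    for owner, rtype, path, scope in expand(root, ".", files):
        if scope != "." and owner != scope and not owner.endswith("." + scope):
            strays.append((path, owner, rtype))
        elif rtype == "NS" and owner != "." and owner.count(".") == 1:
            delegated.add(owner)
    return delegated, strays

if __name__ == "__main__":
    print(audit())
```

Running the audit on the aggregating host before reloading the root zone keeps each TLD operator's fragment limited to that operator's own names.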